2.2 Using Visualizations

1 hour 53 minutes
Video Transcription
Lesson two: using visualizations.
Before we start, a quick question.
In what context do you think you learned most: when you were being told what happens, or when you see what happens? I will be amazed if your answer was anything other than
"when I see what happens." Seeing things with their own eyes creates a more intense learning experience. It's the next best thing to being there.
In this lesson, we're going to look at visualizations with a view to using them to deliver a superior learning experience for our colleagues.
We'll learn ways in which we can apply visualizations so that users can see with their own eyes what happens when certain types of cyber threat manifest themselves and how it might impact them.
An audiovisual experience conveys information and knowledge far more effectively than lecturing augmented with bullet points, and reading bullet points alone is even worse.
When someone is lecturing us or we are reading text, much of our mental energy is taken up with processing the words and characters into some kind of visual representation,
so that in our mind's eye we can create our own visualization of what we're being told. We're trying to ride two horses at the same time. And as we're trying to visualize the spoken or written word, our concentration is divided
so that we have gaps between what we have managed to visualize and what we missed when we're trying to process words and sound.
A visualization enables us to demonstrate the topic that we're trying to communicate.
Let's look at an example.
By way of providing an example of why visualization beats telling, I'm going to give you a short lecture on the above topic of controlled building demolition.
Demolition, or razing, is the science and engineering of safely and efficiently tearing down buildings and other man-made structures.
It's a highly specialized job, which requires a detailed understanding of construction and the use of explosives to undermine the building and make it fall in a perfect perpendicular to minimize the impact on the immediate surroundings.
When a controlled building demolition takes place, explosives are placed at the base of the building and, when detonated, a large cloud of dust rises from the base and the building seems to undergo a perpendicular implosion, disappearing into the dust cloud.
Okay, that's one way of doing it. Now let's take a look at the same information delivered by visualization.
I'm sure you can see the difference. We gave the same information but delivered it very differently. In the visualization example, we gave the users information to read. Then we reinforced it with our highly visual example, which allowed them to see and experience the situation we described.
The pacing (we first delivered text, then the demonstration, the visual demonstration that is)
also helps by not overwhelming the user with too many streams of information coming at them at the same time.
Seeing what happens or seeing what we are required to do conveys knowledge and information faster and more effectively than text or lectures.
The pictures and actions are more easily remembered because we're not trying to translate non-visual information into visual form.
We can do the same thing to demonstrate information security threats and risks, as the next few slides will show. We're going to concentrate on two threats that are relevant to end users: malware and phishing. And as infosec professionals, we know that the two are intrinsically linked,
phishing being the preferred attack vector for delivering a malware payload.
I'll show you how a malware attack can be visualized and how we can create an animated walkthrough of a simple phishing email. By the way, the voiceover for the next few slides will change context. To assist with your learning experience, I'll be speaking as if the content is being delivered to an end
It's a sad fact that business people like you are the hackers' preferred way of getting into our systems to cause trouble and disruption. They're constantly looking for new ways to trip you up and trick you into clicking links or attachments in emails that will install malicious software onto your computer equipment.
They send out quite literally millions of emails knowing that just one click can open the door for them, and all they need to do is to catch you unaware for just a few seconds. And when they do, the impact can be disastrous.
Hi, back to Cybrary mode now.
I hope you could see just what a vivid example this can be, compared with bullet points and a few images of some well-publicized cyber attacks.
In this example, the user actually sees what happens when a piece of ransomware infects their PC.
They see the screen disappearing and the ransom demand appearing on their screen, just as it would in the real world if they were hacked.
Just a reminder again on the subject of context and familiarity that we covered earlier: in the first part of this sequence, you saw a PC with a fairly standard desktop. If you're going to use this approach,
build up the image using a screenshot of your standard desktop. Remember, the user experience needs to be relevant, and seeing a bland, unfamiliar desktop get corrupted and taken over won't have the same impact as using an image
that looks exactly like the familiar company standard desktop that everyone is used to.
Let's move on now and show how we can use this approach to create an animated walkthrough of red flags in a phishing email, and I'll be speaking again, for the most part, as if I'm delivering the content to an end user.
This is a fairly simple email, which shows the most common red flags indicating that it's a phishing email sent by a hacker with malicious intent.
The first real giveaway is where there is a disparity between the display name of the sender and the actual email address. Emails displaying these characteristics should always be treated with suspicion and referred to information security.
They have your email address, and they say you have an account with them,
but they don't use your name. This lack of personalization is definitely suspicious. Any links in an email that point to a domain other than the one the email came from are also suspicious.
Bad grammar and spelling errors are also potential giveaways, as is the threat of negative consequences for failing to respond to the email. This should always arouse your suspicions.
Okay, back in Cybrary mode again. As you can see, rather than listing red flags, we've shown the user an example email and gradually revealed and described where the red flags are. The pacing of this is quite important too; that's why we don't show all of the information at the same time.
First, we tell the user how many warning signs they should be looking for.
Next, we introduce them one at a time, providing both audio and text based guidance in an animation sequence.
Remember again, the concept of familiarity and relevance.
Make the example look like an email as it will be seen in your organization. You might want to show it as it would appear when displayed in your own email client, for instance, with a familiar layout and ribbon.
Visualizations can be applied to other areas of your security education program to help visualize other types of cyber security threat.
These could include safe Internet browsing, showing users how to recognize safe URLs, for instance; demonstrating how data leakage can occur;
showing the process of applying security settings and patches to different devices;
showing the steps of social engineering;
and using public WiFi safely.
But always keep in view the principles of familiarity: make every example reflect the conventions, styles and standard layouts that you would expect to see on a day-to-day basis in your organization.
So before we move on to the summary, just a quick question to complete this lesson: visualizations help us to retain knowledge more effectively because,
Okay, are you comfortable with that? Well, then, let's move on to the lesson summary.
In this lesson we covered the concepts of visualization and how this can significantly improve the learning experience. We showed how visualization approaches make it easier for participants to understand concepts by seeing what happens and helping them absorb information more naturally.
In the next video, which is lesson three,
we're going to look at using experiential techniques that allow us to gain assurance that our colleagues are understanding what it is we're trying to teach them and can actually apply it. In other words, we're making sure that our efforts to build and improve our colleagues' threat recognition capabilities are, in fact, working.
You might be thinking, "Ah, now he's going to be talking about testing and quizzes."
Well, you'd be half right. Testing and quizzes are just one way of assessing understanding of a particular topic. What I'll be showing you is something a little more sophisticated than that, something that allows us to draw firm conclusions on our colleagues' and our organization's threat recognition capability.
Well, then, that's completed lesson two of Making It Stick. Thanks for watching,
and I'll look forward to seeing you in lesson three.
Creating Effective User Awareness Training

Creating Effective User Awareness Training is based on educational principles that result in learning and skills retention. End users and information security professionals need a better approach than what is currently out there in the market place at the moment.
